Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/HnWetEwt9SfzrdVumCWXipTmrGY.roa
File:                     HnWetEwt9SfzrdVumCWXipTmrGY.roa (raw, json)
Hash identifier:          qo1xu7/QgUA3jqTLkS8KxhBD7n5/N/B5fF5rrLaAkS8=
Subject key identifier:   1E:75:9E:B4:4C:2D:F5:27:F3:AD:D5:6E:98:25:97:8A:94:E6:AC:66
Certificate issuer:       /CN=2f2709cb399c4e168ccbda16db136b5bc8b96dd6
Certificate serial:       019425FC11178147198854A76F529622A8E7
Authority key identifier: 2F:27:09:CB:39:9C:4E:16:8C:CB:DA:16:DB:13:6B:5B:C8:B9:6D:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LycJyzmcThaMy9oW2xNrW8i5bdY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/HnWetEwt9SfzrdVumCWXipTmrGY.roa
Signing time:             Thu 02 Jan 2025 07:47:43 +0000
ROA not before:           Thu 02 Jan 2025 07:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56624
IP address blocks:        91.237.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/LycJyzmcThaMy9oW2xNrW8i5bdY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/LycJyzmcThaMy9oW2xNrW8i5bdY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LycJyzmcThaMy9oW2xNrW8i5bdY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 22:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:11:17:81:47:19:88:54:a7:6f:52:96:22:a8:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f2709cb399c4e168ccbda16db136b5bc8b96dd6
        Validity
            Not Before: Jan  2 07:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e759eb44c2df527f3add56e9825978a94e6ac66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a3:32:b0:ed:87:c8:69:96:a1:4a:62:ed:13:
                    c4:d0:5e:a8:9a:9f:cb:5d:85:37:3e:2b:d9:25:96:
                    08:15:f3:46:a3:db:96:cb:9f:0a:77:14:ba:86:f4:
                    66:08:32:88:af:cc:33:b0:66:b0:fa:52:dd:f6:f0:
                    ab:df:f4:df:c2:51:56:c5:1a:40:e7:79:e2:79:fe:
                    76:14:a7:f5:92:4b:a5:18:89:12:10:2b:3d:9c:82:
                    05:33:07:42:85:c4:08:55:01:92:c6:17:08:17:0f:
                    58:77:5e:52:e4:c8:e4:79:4d:02:26:dc:82:f9:81:
                    f7:fb:da:45:ae:67:43:45:5b:8b:cf:fc:3d:5a:48:
                    41:63:98:7d:a7:0a:91:60:1f:6b:1e:1e:f2:ca:e4:
                    58:db:70:11:49:d8:74:3c:f4:93:8f:d5:9d:e7:b4:
                    0f:08:5a:81:cd:36:a6:0d:77:38:48:73:66:1d:0e:
                    42:4f:52:8b:b0:6e:81:96:86:4d:03:9a:49:06:77:
                    47:81:f7:22:45:f7:4b:34:58:51:41:ef:67:a5:41:
                    1a:d5:bb:c5:0c:43:6f:88:82:5d:7d:81:38:c2:d3:
                    a4:25:13:8f:93:73:36:e3:63:2b:b5:29:b4:70:da:
                    a7:ce:c8:6f:d5:7e:e6:80:ac:06:18:52:5a:15:63:
                    36:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:75:9E:B4:4C:2D:F5:27:F3:AD:D5:6E:98:25:97:8A:94:E6:AC:66
            X509v3 Authority Key Identifier:
                keyid:2F:27:09:CB:39:9C:4E:16:8C:CB:DA:16:DB:13:6B:5B:C8:B9:6D:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LycJyzmcThaMy9oW2xNrW8i5bdY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/HnWetEwt9SfzrdVumCWXipTmrGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/LycJyzmcThaMy9oW2xNrW8i5bdY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:e6:fd:8a:51:b4:f0:be:9e:fc:c8:81:e5:b3:83:c3:6c:9c:
         61:82:ce:ab:25:7c:fa:b5:04:38:d0:ec:e1:f1:d3:7f:91:d5:
         d5:87:28:7b:f7:24:a0:04:1c:dd:08:e3:35:b1:fc:e3:1a:7c:
         06:f9:8b:71:fa:65:47:8c:72:bd:c0:46:75:5f:11:e9:3f:72:
         fe:ff:92:1f:14:38:b0:e4:42:99:f4:79:0c:75:25:88:27:e6:
         80:81:a4:8d:04:4e:5f:01:7a:2b:ce:e1:44:28:07:aa:01:3a:
         ff:8d:86:63:ae:cd:c0:45:d7:4f:70:b9:5b:06:94:ac:f4:ae:
         b1:22:3a:79:d2:cd:84:b6:c9:48:e7:fe:ab:c6:97:79:3f:44:
         fd:c1:43:3e:9b:2f:aa:15:4e:d4:bb:e7:7a:10:4d:88:14:66:
         99:1a:c0:a3:24:c3:ee:c1:4e:c3:07:51:80:09:02:92:a1:ac:
         57:a0:2f:1d:57:8f:8f:ff:de:9a:5b:3d:9b:d2:a4:e4:e8:b8:
         80:e1:2d:b3:31:53:cd:9a:a0:cf:48:13:6c:b4:19:14:cf:e8:
         81:54:c6:61:2e:95:90:b2:c5:47:af:6f:42:94:8a:08:c7:6d:
         cc:fa:21:53:9c:80:2f:cd:3d:2d:6f:40:ea:8b:ce:b3:19:5e:
         3f:b6:22:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/BEXgUcZiFSnb1KWIqjnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMjcwOWNiMzk5YzRlMTY4Y2NiZGExNmRiMTM2YjViYzhi
OTZkZDYwHhcNMjUwMTAyMDc0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTc1OWViNDRjMmRmNTI3ZjNhZGQ1NmU5ODI1OTc4YTk0ZTZhYzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaMysO2HyGmWoUpi7RPE0F6omp/L
XYU3PivZJZYIFfNGo9uWy58KdxS6hvRmCDKIr8wzsGaw+lLd9vCr3/TfwlFWxRpA
53nief52FKf1kkulGIkSECs9nIIFMwdChcQIVQGSxhcIFw9Yd15S5MjkeU0CJtyC
+YH3+9pFrmdDRVuLz/w9WkhBY5h9pwqRYB9rHh7yyuRY23ARSdh0PPSTj9Wd57QP
CFqBzTamDXc4SHNmHQ5CT1KLsG6BloZNA5pJBndHgfciRfdLNFhRQe9npUEa1bvF
DENviIJdfYE4wtOkJROPk3M242MrtSm0cNqnzshv1X7mgKwGGFJaFWM20QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB51nrRMLfUn863Vbpgll4qU5qxmMB8GA1UdIwQY
MBaAFC8nCcs5nE4WjMvaFtsTa1vIuW3WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHljSnl6bWNUaGFNeTlvVzJ4TnJXOGk1YmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9mODM3ODEtMjk0OS00OGM3LTg5MDAt
MjAxNjdjZDQyYjgyLzEvSG5XZXRFd3Q5U2Z6cmRWdW1DV1hpcFRtckdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9mODM3ODEtMjk0OS00OGM3LTg5MDAtMjAxNjdjZDQyYjgy
LzEvTHljSnl6bWNUaGFNeTlvVzJ4TnJXOGk1YmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+3sMA0G
CSqGSIb3DQEBCwUAA4IBAQA+5v2KUbTwvp78yIHls4PDbJxhgs6rJXz6tQQ40Ozh
8dN/kdXVhyh79ySgBBzdCOM1sfzjGnwG+Ytx+mVHjHK9wEZ1XxHpP3L+/5IfFDiw
5EKZ9HkMdSWIJ+aAgaSNBE5fAXorzuFEKAeqATr/jYZjrs3ARddPcLlbBpSs9K6x
Ijp50s2EtslI5/6rxpd5P0T9wUM+my+qFU7Uu+d6EE2IFGaZGsCjJMPuwU7DB1GA
CQKSoaxXoC8dV4+P/96aWz2b0qTk6LiA4S2zMVPNmqDPSBNstBkUz+iBVMZhLpWQ
ssVHr29ClIoIx23M+iFTnIAvzT0tb0Dqi86zGV4/tiJ3
-----END CERTIFICATE-----